7.1 Network Rules Wizard
77
NAT
This rule specifies that in all packets from the local network to the Internet, the source (private) IP address will be replaced by the address of the Internet interface through which the packet is sent from the firewall. Only specified services can be accessed through the Internet connection (the wizard, page 4).
The Source item of this rule includes the Trusted / Local interfaces group and the Destination item includes the Internet interfaces group. This makes the rule applicable to any network configuration. It is not necessary to change this rule whenever a new segment of the LAN is connected or the Internet connection is changed.
By default, the Trusted / Local interfaces group also includes a Dial-In interface, i.e. all RAS clients connecting to this server can access the Internet with the NAT technology.
Local Traffic
This rule allows all traffic between local hosts and the firewall (i.e. the computer where WinRoute is installed). In this rule, the Source and Destination items include the Trusted / Local interfaces group (see chapter ) and the special group Firewall.
By default, the Trusted / Local interfaces group also includes a Dial-In interface. This means that the Local Traffic rule also allows traffic between local hosts and RAS clients/VPN clients connected to the server.
If creation of rules for Kerio VPN was set in the wizard (the wizard, page 5), the Local Traffic rule also includes the special address groups All VPN tunnels and All VPN clients. This implies that, by default, the rule allows traffic between the local network (firewall), remote networks connected via VPN tunnels and VPN clients connecting to the WinRoute's VPN server.
Note: Access to the WinRoute host is not limited, as the Wizard supposes that this host belongs to the local network. Access can be limited by modifying an appropriate rule or by creating a new one. An unsuitable rule limiting access to the WinRoute host might block remote administration or it might cause some Internet services to be unavailable (all traffic between the LAN and the Internet passes through this host).
Firewall Traffic
This rule enables access to certain services from the WinRoute host. It is similar to the NAT rule, except that this rule does not perform IP translation (this host connects to the Internet directly).
Default rule
This rule drops all communication that is not allowed by other rules. The default rule is always listed at the end of the rule list and it cannot be removed.
The default rule allows the administrator to select what action will be taken with undesirable traffic attempts (Deny or Drop) and to decide whether packets and/or connections will be logged.
Note: To see detailed descriptions of traffic rules refer to chapter
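
The four wizard rules described above, modelled as an added example (not code from the Kerio guide or product) to show how group membership, rather than the rules themselves, decides who gets access. Assumptions: rules are evaluated top-down with the first match winning, the interface names LAN and LAN2 and the service names are constructed samples, and the Firewall Traffic destination is taken to be the Internet interfaces group.

```python
# Simplified model of the wizard's rule set (added illustration).
# Assumed: top-down first-match evaluation; interface names and the
# service list are constructed samples, not values from the guide.
GROUPS = {
    "Trusted / Local interfaces": {"LAN", "Dial-In"},  # default includes Dial-In
    "Internet interfaces": {"Internet"},
    "Firewall": {"Firewall"},
}
SERVICES = {"HTTP", "HTTPS", "DNS"}  # stand-in for the wizard page 4 selection
TRUSTED, INTERNET = ["Trusted / Local interfaces"], ["Internet interfaces"]
LOCAL = TRUSTED + ["Firewall"]

# (name, source groups, destination groups, services, action, translation)
# None means "any". Firewall Traffic destination is an assumption.
RULES = [
    ("NAT", TRUSTED, INTERNET, SERVICES, "Permit", "NAT"),
    ("Local Traffic", LOCAL, LOCAL, None, "Permit", None),
    ("Firewall Traffic", ["Firewall"], INTERNET, SERVICES, "Permit", None),
    ("Default rule", None, None, None, "Drop", None),  # always last
]

def members(names, groups):
    """Expand group names into the interfaces they currently contain."""
    return set().union(*(groups[n] for n in names))

def evaluate(src, dst, service, groups=GROUPS):
    """Return (rule, action, translation) for the first matching rule."""
    for name, srcs, dsts, services, action, xlate in RULES:
        if srcs is not None and src not in members(srcs, groups):
            continue
        if dsts is not None and dst not in members(dsts, groups):
            continue
        if services is not None and service not in services:
            continue
        return name, action, xlate

def sources_of(rule, groups=GROUPS):
    """Interfaces a rule's Source item currently covers (for rule review)."""
    srcs = next(r[1] for r in RULES if r[0] == rule)
    return sorted(members(srcs, groups)) if srcs else []

if __name__ == "__main__":
    print(sources_of("NAT"))                         # Dial-In is in scope
    print(evaluate("Dial-In", "Internet", "HTTP"))   # RAS client is NATed out
    print(evaluate("Dial-In", "LAN", "SMB"))         # and reaches local hosts
    changed = dict(GROUPS, **{"Trusted / Local interfaces": {"LAN", "LAN2"}})
    print(evaluate("LAN2", "Internet", "DNS", changed))      # new segment: no rule edit
    print(evaluate("Dial-In", "Internet", "HTTP", changed))  # now hits Default rule
```

Changing only the group membership, as in the last three lines, is the review step to apply when RAS clients should not inherit the same access as the LAN.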
Summary of Contents for KERIO WINROUTE FIREWALL 6
Page 1: ...Kerio WinRoute Firewall 6 Administrator s Guide Kerio Technologies s r o...